What is claimed is: 

1. A security system for a computer system, comprising:
a plurality of assets within the computer system; 

a plurality of members registered to use the computer system; 

a plurality of roles defining user rights, each member having at least one
role;

a plurality of access control lists corresponding to the assets, each list 
defining at least one privilege for accessing the asset according to a member's 
role; and 

at least one domain, each domain having a subset of the assets and 
corresponding access control lists, and a subset of the members; 

wherein access is allowed by a member to a requested asset within a 
domain when that member has a role corresponding to a privilege for that asset. 

2. The system of Claim 1, wherein the privileges for each asset include 
actions that can be performed on that asset, and wherein access is allowed when 
a requested access by a member includes an action to be performed from the
access control list. 

3. The system of Claim 1, wherein the privileges include a read privilege.

4. The system of Claim 1, wherein the privileges include a modify privilege.

5. The system of Claim 1, wherein the privileges include a delete privilege.

6. The system of Claim 1, wherein the system includes at least two domains.

7. A method for providing secure access to assets within a computer system,
comprising the steps of: 

when a user attempts to access an asset within a domain, determining
at least one role assigned to the user;

comparing rights corresponding to the role assigned to the user to a list of 
privileges corresponding to the asset; 

if the attempted access is allowed for a role assigned to the user, allowing 
the user to access the asset. 

8. The method of Claim 7, wherein a requested access is one from the types 
read, modify, or delete. 

9. The method of Claim 7, further comprising the step of: 

prior to the user attempting to access any assets, authenticating the user's 
identification, and assigning at least one role to the user. 
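
An added illustration, not part of the claims or of the patent: a small Python model of the access check recited in Claims 1 and 7, with the read, modify and delete access types of Claim 8. The names `Domain`, `is_allowed` and `build_sample`, the default-deny handling of anything not listed, and every member, role and asset name are assumptions constructed for the example.

```python
from dataclasses import dataclass, field

ACTIONS = {"read", "modify", "delete"}  # access types named in Claim 8


@dataclass
class Domain:
    """A domain holds a subset of members and a subset of assets with their ACLs."""
    name: str
    members: dict = field(default_factory=dict)  # member id -> set of role names
    acls: dict = field(default_factory=dict)     # asset id -> {role: set of actions}

    def is_allowed(self, member, asset, action):
        """Allow only if member and asset both belong to this domain and at least
        one of the member's roles holds the requested action on the asset.
        Everything else is denied (assumption: default-deny)."""
        if action not in ACTIONS:
            return False
        roles = self.members.get(member)
        acl = self.acls.get(asset)
        if roles is None or acl is None:
            return False  # member not registered here, or asset outside the domain
        return any(action in acl.get(role, ()) for role in roles)


def build_sample():
    """Two domains with constructed members, roles and assets."""
    hr = Domain(
        "hr",
        members={"alice": {"hr_admin"}, "bob": {"employee"}},
        acls={"handbook.doc": {"hr_admin": {"read", "modify", "delete"},
                               "employee": {"read"}}},
    )
    eng = Domain(
        "eng",
        members={"bob": {"developer"}, "carol": {"developer", "release_mgr"}},
        acls={"build.cfg": {"developer": {"read"},
                            "release_mgr": {"read", "modify"}}},
    )
    return hr, eng


if __name__ == "__main__":
    hr, eng = build_sample()
    requests = [(hr, "bob", "handbook.doc", "read"),
                (hr, "bob", "handbook.doc", "modify"),
                (eng, "carol", "build.cfg", "modify"),
                (hr, "carol", "handbook.doc", "read")]
    for dom, who, asset, act in requests:
        print(dom.name, who, asset, act, dom.is_allowed(who, asset, act))
```
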